UnixTime

Research Note

A.8.11 Audit Evidence Pack

- Masking methods are defined and matched to use cases. - Full-data access is role-based and approved. - Token lookup tables/keys are segregated. - Re-combination is logged and...

On this page

What the auditor wants to verify

Audit objective

Verify that masking, pseudonymisation, tokenisation, or anonymisation is defined, applied, access-controlled, legally appropriate, and protected against unauthorized re-identification.

Evidence to request

Evidence Purpose
Data masking standard Shows masking methods and rules are defined
Sensitive data inventory Shows data requiring masking is known
Data masking decision register Shows masking decisions are justified
Role access matrix Shows who may view full data
Masking configuration/demo Shows technical implementation
Lookup table/key segregation evidence Shows re-identification path is protected
Re-combination logs Shows full-data restoration is controlled
Re-identification risk assessment Shows potentially identifiable data is assessed
Deletion records for re-combined data Shows full data is removed after use

Strong evidence

  • Masking methods are defined and matched to use cases.
  • Full-data access is role-based and approved.
  • Token lookup tables/keys are segregated.
  • Re-combination is logged and authorized.
  • Potential re-identification is assessed.
  • Re-combined data is deleted when no longer needed.

Weak evidence

  • “Anonymised” data can be re-identified.
  • Token lookup table is stored beside tokenized data.
  • Developers use unmasked production data.
  • Re-combination is not logged.
  • Full-data roles are undefined.

Sample interview questions

  • Which masking methods are used?
  • Who can view full unmasked data?
  • How is re-combination authorized and logged?
  • Where are lookup tables or keys stored?
  • How do you test whether anonymised data is still identifiable?

Common nonconformities

  • Masking method not defined.
  • Pseudonymised data treated as anonymous.
  • Lookup table not segregated.
  • Re-identification risk not assessed.
  • Re-combined data retained after use.
  • Audit
  • Evidence
  • A8 11
  • Iso27001

Note Metadata

Aliases: A.8.11 Evidence

Source: 04 Audit Evidence Packs/A.8.11 Audit Evidence Pack.md

Graph-sourced resources

Templates and evidence

Auditor evidence packs

Evidence collections and audit-facing verification material.